View Issue Details

IDProjectCategoryView StatusLast Update
0006367OXID eShop (all versions)4.04. Securitypublic2016-04-06 15:41
ReporterAlexN 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version4.9.7 / 5.2.7 
Target VersionFixed in Version 
Summary0006367: Generated Captcha in pricealaram contains bad characters
DescriptionOn a detail page of an article the captcha at pricealarm generates bad characters if "$this->captchaKey = '66303bc779b76899eb7340fdb8252439';" is not set in "config.inc.php".
Steps To ReproduceWell, setup a new OXID eShop CE with version 4.9.7 including sample articles. After that unset "$this->captchaKey = '66303bc779b76899eb7340fdb8252439';" and navigate to any article and check the captcha code. In case you are lucky and the captcha code contains no bad characters reload the page.
Additional InformationIn a CE 4.9.4 it seems to work.
TagsNo tags attached.
ThemeAzure
BrowserNot defined
PHP Version5.3
MySQL VersionNot defined

Activities

AlexN

2016-04-06 12:49

reporter  

bad-characters.png (11,318 bytes)
bad-characters.png (11,318 bytes)

hendrikfreytag

2016-04-06 15:22

reporter   ~0011522

https://github.com/OXID-eSales/oxideshop_ce/blob/v4.9.7/source/core/utils/verificationimg.php#L122

This will not work because this file is included elsewhere. So change include_once into include.

But why are you even creating this funny class oxConfKey? If the value is not set in https://github.com/OXID-eSales/oxideshop_ce/blob/v4.9.7/source/core/utils/verificationimg.php#L95 you can just call oxRegistry::getConfig()->getConfigParam('sConfigKey').